In the Linux kernel, the following vulnerability has been resolved:
crypto: af-alg - fix NULL pointer dereference in scatterwalk
The AFALG interface fails to unmark the end of a Scatter/Gather List (SGL) when chaining a new afalgtsgl structure. If a sendmsg() fills an SGL exactly to MAXSGL_ENTS, the last entry is marked as the end. A subsequent sendmsg() allocates a new SGL and chains it, but fails to clear the end marker on the previous SGL's last data entry.
This causes the crypto scatterwalk to hit a premature end, returning NULL on sg_next() and leading to a kernel panic during dereference.
Fix this by explicitly unmarking the end of the previous SGL when performing sgchain() in afalgalloctsgl().
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43043.json",
"cna_assigner": "Linux"
}